package org.apache.cxf.ws.security.wss4j.policyhandlers;

import com.ibm.icu.text.PluralRules;
import java.util.Collection;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.PolicyUtils;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.neethi.Assertion;
import org.apache.wss4j.policy.SP13Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.HttpsToken;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KeyValueToken;
import org.apache.wss4j.policy.model.SamlToken;
import org.apache.wss4j.policy.model.SecureConversationToken;
import org.apache.wss4j.policy.model.SecurityContextToken;
import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.Trust10;
import org.apache.wss4j.policy.model.Trust13;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.Wss10;
import org.apache.wss4j.policy.model.Wss11;
import org.apache.wss4j.policy.model.X509Token;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.class */
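/**
 * Shared helpers for the policy binding handlers in this package.
 *
 * <p>Every method works against the {@link AssertionInfoMap} stored on the current
 * {@link SoapMessage}. The methods here only record state: they flag {@link AssertionInfo}
 * entries as asserted or not asserted. Nothing in this class inspects message content or
 * verifies a signature, so a call to one of the {@code assert*} methods is a statement by the
 * caller that the requirement has been honoured, not a check of it.
 *
 * <p>Members documented as "protected in the original class" were widened to {@code public} by
 * the decompiler that produced this source; the visibility is left as found so existing callers
 * keep compiling.
 */
public abstract class AbstractCommonBindingHandler {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractCommonBindingHandler.class);

    /** Message whose policy assertions this handler reads and updates. */
    protected final SoapMessage message;

    /**
     * Creates a handler bound to one message.
     *
     * @param soapMessage the message carrying the {@link AssertionInfoMap} to work on
     */
    public AbstractCommonBindingHandler(SoapMessage soapMessage) {
        this.message = soapMessage;
    }

    /**
     * Records that {@code assertion} could not be satisfied and fails the exchange unless the
     * assertion is optional. Protected in the original class.
     *
     * @param assertion the assertion that failed; {@code null} is ignored
     * @param str the reason, stored on the matching {@link AssertionInfo} and used as the
     *     {@link PolicyException} message
     * @throws PolicyException if the assertion is not optional
     */
    public void unassertPolicy(Assertion assertion, String str) {
        if (assertion == null) {
            return;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + str);
        }
        recordNotAsserted(assertion, str);
        // Fail closed: a mandatory assertion that cannot be met must abort processing.
        if (!assertion.isOptional()) {
            throw new PolicyException(new Message(str, LOG, new Object[0]));
        }
    }

    /**
     * Records that {@code assertion} could not be satisfied because of {@code exc} and fails the
     * exchange unless the assertion is optional. Protected in the original class.
     *
     * @param assertion the assertion that failed; {@code null} is ignored
     * @param exc the failure; its message is stored on the matching {@link AssertionInfo} and it
     *     becomes the cause of the {@link PolicyException}
     * @throws PolicyException if the assertion is not optional
     */
    public void unassertPolicy(Assertion assertion, Exception exc) {
        if (assertion == null) {
            return;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + exc);
        }
        // Read the message once; null-safe so a missing exception cannot hide the policy failure.
        // NOTE(review): this text is copied into the AssertionInfo and the PolicyException;
        // confirm it is not returned to the remote peer with internal detail in it.
        String reason = exc == null ? null : exc.getMessage();
        recordNotAsserted(assertion, reason);
        if (!assertion.isOptional()) {
            throw new PolicyException(new Message(reason, LOG, new Object[0]), exc);
        }
    }

    /**
     * Asserts a token wrapper and the token it holds. Protected in the original class.
     *
     * @param abstractTokenWrapper the wrapper to assert; {@code null} is ignored
     */
    public void assertTokenWrapper(AbstractTokenWrapper abstractTokenWrapper) {
        if (abstractTokenWrapper == null) {
            return;
        }
        assertPolicy(abstractTokenWrapper.getName());
        assertToken(abstractTokenWrapper.getToken());
    }

    /**
     * Asserts a token, its derived-keys setting and the type-specific properties that are set
     * on it. Protected in the original class.
     *
     * @param abstractToken the token to assert; {@code null} is ignored
     */
    public void assertToken(AbstractToken abstractToken) {
        if (abstractToken == null) {
            return;
        }
        assertPolicy(abstractToken.getName());
        String namespaceURI = abstractToken.getName().getNamespaceURI();
        if (abstractToken.getDerivedKeys() != null) {
            assertPolicy(new QName(namespaceURI, abstractToken.getDerivedKeys().name()));
        }

        // Order matters: SecureConversationToken is handled before SecurityContextToken because
        // it is also accepted where a SecurityContextToken is expected.
        if (abstractToken instanceof X509Token) {
            assertX509Token((X509Token) abstractToken);
        } else if (abstractToken instanceof HttpsToken) {
            HttpsToken httpsToken = (HttpsToken) abstractToken;
            if (httpsToken.getAuthenticationType() != null) {
                assertPolicy(new QName(namespaceURI, httpsToken.getAuthenticationType().name()));
            }
        } else if (abstractToken instanceof KeyValueToken) {
            if (((KeyValueToken) abstractToken).isRsaKeyValue()) {
                assertPolicy(new QName(namespaceURI, SPConstants.RSA_KEY_VALUE));
            }
        } else if (abstractToken instanceof UsernameToken) {
            assertUsernameToken((UsernameToken) abstractToken);
        } else if (abstractToken instanceof SecureConversationToken) {
            assertSecureConversationToken((SecureConversationToken) abstractToken);
        } else if (abstractToken instanceof SecurityContextToken) {
            assertSecurityContextToken((SecurityContextToken) abstractToken);
        } else if (abstractToken instanceof SpnegoContextToken) {
            assertSpnegoContextToken((SpnegoContextToken) abstractToken);
        } else if (abstractToken instanceof IssuedToken) {
            assertIssuedToken((IssuedToken) abstractToken);
        } else if (abstractToken instanceof KerberosToken) {
            assertKerberosToken((KerberosToken) abstractToken);
        } else if (abstractToken instanceof SamlToken) {
            assertSamlToken((SamlToken) abstractToken);
        }
    }

    /** Asserts the reference-style flags and token type set on an X.509 token. */
    private void assertX509Token(X509Token x509Token) {
        String namespaceURI = x509Token.getName().getNamespaceURI();
        if (x509Token.isRequireEmbeddedTokenReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE));
        }
        if (x509Token.isRequireIssuerSerialReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE));
        }
        if (x509Token.isRequireKeyIdentifierReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
        }
        if (x509Token.isRequireThumbprintReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_THUMBPRINT_REFERENCE));
        }
        if (x509Token.getTokenType() != null) {
            assertPolicy(new QName(namespaceURI, x509Token.getTokenType().name()));
        }
    }

    /** Asserts the password type, token type, Created and Nonce settings of a username token. */
    private void assertUsernameToken(UsernameToken usernameToken) {
        String namespaceURI = usernameToken.getName().getNamespaceURI();
        if (usernameToken.getPasswordType() != null) {
            assertPolicy(new QName(namespaceURI, usernameToken.getPasswordType().name()));
        }
        if (usernameToken.getUsernameTokenType() != null) {
            assertPolicy(new QName(namespaceURI, usernameToken.getUsernameTokenType().name()));
        }
        // Created and Nonce use the fixed SP13 names rather than the token's own namespace.
        if (usernameToken.isCreated()) {
            assertPolicy(SP13Constants.CREATED);
        }
        if (usernameToken.isNonce()) {
            assertPolicy(SP13Constants.NONCE);
        }
    }

    /** Asserts the external-URI-reference and SC10/SC13 flags of a security context token. */
    private void assertSecurityContextToken(SecurityContextToken securityContextToken) {
        String namespaceURI = securityContextToken.getName().getNamespaceURI();
        if (securityContextToken.isRequireExternalUriReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_EXTERNAL_URI_REFERENCE));
        }
        if (securityContextToken.isSc10SecurityContextToken()) {
            assertPolicy(new QName(namespaceURI, SPConstants.SC10_SECURITY_CONTEXT_TOKEN));
        }
        if (securityContextToken.isSc13SecurityContextToken()) {
            assertPolicy(new QName(namespaceURI, SPConstants.SC13_SECURITY_CONTEXT_TOKEN));
        }
    }

    /**
     * Asserts the security-context flags of a secure conversation token and then its
     * MustNotSend* flags.
     */
    private void assertSecureConversationToken(SecureConversationToken secureConversationToken) {
        assertSecurityContextToken(secureConversationToken);
        String namespaceURI = secureConversationToken.getName().getNamespaceURI();
        if (secureConversationToken.isMustNotSendAmend()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_AMEND));
        }
        if (secureConversationToken.isMustNotSendCancel()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_CANCEL));
        }
        if (secureConversationToken.isMustNotSendRenew()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_RENEW));
        }
    }

    /** Asserts the MustNotSend* flags of a SPNEGO context token. */
    private void assertSpnegoContextToken(SpnegoContextToken spnegoContextToken) {
        String namespaceURI = spnegoContextToken.getName().getNamespaceURI();
        if (spnegoContextToken.isMustNotSendAmend()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_AMEND));
        }
        if (spnegoContextToken.isMustNotSendCancel()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_CANCEL));
        }
        if (spnegoContextToken.isMustNotSendRenew()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_NOT_SEND_RENEW));
        }
    }

    /** Asserts the external/internal reference flags of an issued token. */
    private void assertIssuedToken(IssuedToken issuedToken) {
        String namespaceURI = issuedToken.getName().getNamespaceURI();
        if (issuedToken.isRequireExternalReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_EXTERNAL_REFERENCE));
        }
        if (issuedToken.isRequireInternalReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_INTERNAL_REFERENCE));
        }
    }

    /** Asserts the key-identifier flag and AP-REQ token type of a Kerberos token. */
    private void assertKerberosToken(KerberosToken kerberosToken) {
        String namespaceURI = kerberosToken.getName().getNamespaceURI();
        if (kerberosToken.isRequireKeyIdentifierReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
        }
        if (kerberosToken.getApReqTokenType() != null) {
            assertPolicy(new QName(namespaceURI, kerberosToken.getApReqTokenType().name()));
        }
    }

    /** Asserts the key-identifier flag and SAML token type of a SAML token. */
    private void assertSamlToken(SamlToken samlToken) {
        String namespaceURI = samlToken.getName().getNamespaceURI();
        if (samlToken.isRequireKeyIdentifierReference()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE));
        }
        if (samlToken.getSamlTokenType() != null) {
            assertPolicy(new QName(namespaceURI, samlToken.getSamlTokenType().name()));
        }
    }

    /**
     * Marks every entry for the algorithm suite, and every entry for its concrete suite type,
     * as asserted. Protected in the original class.
     *
     * <p>Missing data (no assertion map, no entries, no suite type) is skipped instead of
     * failing with a {@link NullPointerException}. Skipping never marks anything as asserted,
     * so the outcome stays on the conservative side.
     *
     * @param algorithmSuite the suite to assert; {@code null} is ignored
     */
    public void assertAlgorithmSuite(AlgorithmSuite algorithmSuite) {
        if (algorithmSuite == null) {
            return;
        }
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) this.message.get(AssertionInfoMap.class);
        if (assertionInfoMap == null) {
            return;
        }
        markAllAsserted(assertionInfoMap.get(algorithmSuite.getName()));

        AlgorithmSuite.AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
        if (algorithmSuiteType == null) {
            return;
        }
        String namespace = algorithmSuiteType.getNamespace();
        if (namespace != null) {
            markAllAsserted(assertionInfoMap.get(new QName(namespace, algorithmSuiteType.getName())));
        }
    }

    /**
     * Asserts the Wss10 and Wss11 entries in the given namespace together with the properties
     * set on them. Protected in the original class.
     *
     * @param str the policy namespace URI used to build the assertion names
     */
    public void assertWSSProperties(String str) {
        Collection<AssertionInfo> wss10Infos = lookupAssertionInfos(new QName(str, SPConstants.WSS10));
        if (wss10Infos != null) {
            for (AssertionInfo info : wss10Infos) {
                info.setAsserted(true);
                assertWSS10Properties((Wss10) info.getAssertion());
            }
        }
        Collection<AssertionInfo> wss11Infos = lookupAssertionInfos(new QName(str, SPConstants.WSS11));
        if (wss11Infos != null) {
            for (AssertionInfo info : wss11Infos) {
                info.setAsserted(true);
                Wss11 wss11 = (Wss11) info.getAssertion();
                // A Wss11 assertion carries the Wss10 properties too.
                assertWSS10Properties(wss11);
                if (wss11.isMustSupportRefThumbprint()) {
                    assertPolicy(new QName(str, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
                }
                if (wss11.isMustSupportRefEncryptedKey()) {
                    assertPolicy(new QName(str, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
                }
                if (wss11.isRequireSignatureConfirmation()) {
                    assertPolicy(new QName(str, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
                }
            }
        }
    }

    /** Asserts the MustSupportRef* properties set on a Wss10 (or Wss11) assertion. */
    private void assertWSS10Properties(Wss10 wss10) {
        String namespaceURI = wss10.getName().getNamespaceURI();
        if (wss10.isMustSupportRefEmbeddedToken()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN));
        }
        if (wss10.isMustSupportRefKeyIdentifier()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER));
        }
        if (wss10.isMustSupportRefIssuerSerial()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL));
        }
        if (wss10.isMustSupportRefExternalURI()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI));
        }
    }

    /**
     * Asserts the Trust10 and Trust13 entries in the given namespace together with the
     * properties set on them. Protected in the original class.
     *
     * @param str the policy namespace URI used to build the assertion names
     */
    public void assertTrustProperties(String str) {
        Collection<AssertionInfo> trust10Infos = lookupAssertionInfos(new QName(str, SPConstants.TRUST_10));
        if (trust10Infos != null) {
            for (AssertionInfo info : trust10Infos) {
                info.setAsserted(true);
                assertTrust10Properties((Trust10) info.getAssertion());
            }
        }
        Collection<AssertionInfo> trust13Infos = lookupAssertionInfos(new QName(str, SPConstants.TRUST_13));
        if (trust13Infos != null) {
            for (AssertionInfo info : trust13Infos) {
                info.setAsserted(true);
                Trust13 trust13 = (Trust13) info.getAssertion();
                // A Trust13 assertion carries the Trust10 properties too.
                assertTrust10Properties(trust13);
                if (trust13.isRequireRequestSecurityTokenCollection()) {
                    assertPolicy(new QName(str, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
                }
                if (trust13.isRequireAppliesTo()) {
                    assertPolicy(new QName(str, SPConstants.REQUIRE_APPLIES_TO));
                }
                if (trust13.isScopePolicy15()) {
                    assertPolicy(new QName(str, SPConstants.SCOPE_POLICY_15));
                }
                if (trust13.isMustSupportInteractiveChallenge()) {
                    assertPolicy(new QName(str, SPConstants.MUST_SUPPORT_INTERACTIVE_CHALLENGE));
                }
            }
        }
    }

    /** Asserts the challenge, issued-token and entropy properties set on a Trust10 assertion. */
    private void assertTrust10Properties(Trust10 trust10) {
        String namespaceURI = trust10.getName().getNamespaceURI();
        if (trust10.isMustSupportClientChallenge()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE));
        }
        if (trust10.isMustSupportIssuedTokens()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_ISSUED_TOKENS));
        }
        if (trust10.isMustSupportServerChallenge()) {
            assertPolicy(new QName(namespaceURI, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE));
        }
        if (trust10.isRequireClientEntropy()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_CLIENT_ENTROPY));
        }
        if (trust10.isRequireServerEntropy()) {
            assertPolicy(new QName(namespaceURI, SPConstants.REQUIRE_SERVER_ENTROPY));
        }
    }

    /**
     * Delegates to {@link PolicyUtils#getAllAssertionsByLocalname} with this message's
     * assertion map. Protected in the original class.
     *
     * @param str the assertion local name to look up
     * @return whatever {@code PolicyUtils} returns for that name
     */
    public Collection<AssertionInfo> getAllAssertionsByLocalname(String str) {
        return PolicyUtils.getAllAssertionsByLocalname((AssertionInfoMap) this.message.get(AssertionInfoMap.class), str);
    }

    /**
     * Returns the message this handler was created for. Protected in the original class.
     *
     * @return the bound message
     */
    public SoapMessage getMessage() {
        return this.message;
    }

    /**
     * Reports whether the bound message is on the requestor side, as decided by
     * {@link MessageUtils#isRequestor}. Protected in the original class.
     *
     * @return the result of {@code MessageUtils.isRequestor(message)}
     */
    public boolean isRequestor() {
        return MessageUtils.isRequestor(this.message);
    }

    /**
     * Decides whether a token with the given inclusion setting is needed for this message.
     * Protected in the original class.
     *
     * <p>NEVER is always {@code false} and ALWAYS is always {@code true}. On the requestor side
     * ALWAYS_TO_RECIPIENT and ONCE are {@code true}; on the other side only ALWAYS_TO_INITIATOR
     * is {@code true}. Any other value, including {@code null}, is {@code false}.
     *
     * @param includeTokenType the inclusion setting of the token
     * @return {@code true} if the token is required for this message
     */
    public boolean isTokenRequired(SPConstants.IncludeTokenType includeTokenType) {
        if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
            return false;
        }
        if (includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
            return true;
        }
        // Only the direction-dependent settings need the requestor lookup.
        boolean isRequestor = MessageUtils.isRequestor(this.message);
        if (isRequestor) {
            return includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
                || includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE;
        }
        return includeTokenType == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
    }

    /**
     * Returns the first Wss10 assertion of the message, falling back to the first Wss11
     * assertion. Protected in the original class.
     *
     * @return the assertion, or {@code null} if neither is present
     */
    public Wss10 getWss10() {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) this.message.get(AssertionInfoMap.class);
        AssertionInfo found = PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.WSS10);
        if (found == null) {
            found = PolicyUtils.getFirstAssertionByLocalname(assertionInfoMap, SPConstants.WSS11);
        }
        return found == null ? null : (Wss10) found.getAssertion();
    }

    /**
     * Returns the security token configured for this message: the
     * {@link SecurityConstants#TOKEN} contextual property if set, otherwise the token stored
     * under the {@link SecurityConstants#TOKEN_ID} contextual property. Protected in the
     * original class.
     *
     * @return the token, or {@code null} if neither property yields one
     */
    public SecurityToken getSecurityToken() {
        SecurityToken directToken = (SecurityToken) this.message.getContextualProperty(SecurityConstants.TOKEN);
        if (directToken != null) {
            return directToken;
        }
        String tokenId = (String) this.message.getContextualProperty(SecurityConstants.TOKEN_ID);
        if (tokenId == null) {
            return null;
        }
        // NOTE(review): the token is returned as stored; no expiry or validity check happens
        // here. Presumably callers do that before using it - confirm.
        return TokenStoreUtils.getTokenStore(this.message).getToken(tokenId);
    }

    /**
     * Asserts the policy with the given name through {@link PolicyUtils#assertPolicy}.
     * Protected in the original class.
     *
     * @param qName the assertion name
     */
    public void assertPolicy(QName qName) {
        PolicyUtils.assertPolicy((AssertionInfoMap) this.message.get(AssertionInfoMap.class), qName);
    }

    /**
     * Marks the entries that hold exactly this assertion instance as asserted. Protected in the
     * original class.
     *
     * <p>Entries are matched by reference, not by name, so another assertion that merely shares
     * the same {@link QName} is left untouched.
     *
     * @param assertion the assertion to mark; {@code null} is ignored
     */
    public void assertPolicy(Assertion assertion) {
        if (assertion == null) {
            return;
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "Asserting " + assertion.getName());
        }
        Collection<AssertionInfo> infos = lookupAssertionInfos(assertion.getName());
        if (infos == null) {
            return;
        }
        for (AssertionInfo info : infos) {
            if (info.getAssertion() == assertion) {
                info.setAsserted(true);
            }
        }
    }

    /**
     * Looks up the entries registered under {@code name} on the message's assertion map.
     *
     * @return the entries, or {@code null} if the message has no assertion map or no entry
     */
    private Collection<AssertionInfo> lookupAssertionInfos(QName name) {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) this.message.get(AssertionInfoMap.class);
        return assertionInfoMap == null ? null : assertionInfoMap.get(name);
    }

    /** Marks every entry of {@code infos} as asserted; a {@code null} collection is a no-op. */
    private static void markAllAsserted(Collection<AssertionInfo> infos) {
        if (infos == null) {
            return;
        }
        for (AssertionInfo info : infos) {
            info.setAsserted(true);
        }
    }

    /** Stores {@code reason} on the entries that hold exactly this assertion instance. */
    private void recordNotAsserted(Assertion assertion, String reason) {
        Collection<AssertionInfo> infos = lookupAssertionInfos(assertion.getName());
        if (infos == null) {
            return;
        }
        for (AssertionInfo info : infos) {
            if (info.getAssertion() == assertion) {
                info.setNotAsserted(reason);
            }
        }
    }
}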
